APT-17 group aka BITTER APT group has been recently active and targeting sectors in South Asia for information theft and espionage. This group has a history of targeting Energy, Engineering, Government in South Asia. Spear phishing emails have been the main strike force to target their victims and they’ve been doing it for years now. Many BITTER victims have been exploited through relatively popular Microsoft Office exploit, CVE-2012-0158, in order to download and execute a RAT binary from a website. Although the attack vector of this sample remains unknown of yet, but this is an indication of their presence again in the South Asian region.
Information theft and espionage
CICP Z9 Letter dated December 2020[.]exe